Package: libssh2 / 1.9.0-2

Metadata

Package Version Patches format
libssh2 1.9.0-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
manpage.patch | (download)

docs/libssh2_userauth_publickey_frommemory.3 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix typo
0001 Add lgpg error to .pc to facilitate static linking.patch | (download)

libssh2.pc.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] add -lgpg-error to .pc to facilitate static linking

Note that this patch is Debian-specific as we know that libssh2 is linked
to gcrypt.

Patching configure.ac to add gpg-error as a dependent library is not good, as it
would cause overlinking of libssh2, and there is no separate variable for
"static dependencies".

All this mess ought to be solved in gcrypt inself by providing .pc file,
but it is not.


0001 Do not expose private libraries nor link flags to us.patch | (download)

libssh2.pc.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] do not expose private libraries nor link flags to users of
 libssh2

Reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747417

CVE 2019 17498.patch | (download)

src/packet.c | 68 29 + 39 - 0 !
1 file changed, 29 insertions(+), 39 deletions(-)

 [patch] packet.c: improve message parsing (#402)

* packet.c: improve parsing of packets

file: packet.c

notes:
Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.